VARIoT IoT vulnerabilities database
| VAR-202604-1987 | CVE-2026-31923 | Apache Software Foundation of APISIX Vulnerability in plaintext transmission of important information in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default.
This issue affects Apache APISIX: from 0.7 through 3.15.0.
Users are recommended to upgrade to version 3.16.0, which fixes the issue. 3.16.0 It is recommended to upgrade to .All information handled by the software may be leaked to the outside. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software
| VAR-202604-1913 | CVE-2026-31908 | Apache Software Foundation of APISIX Vulnerability in sanitizing special elements in |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
Header injection vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2.12.0 through 3.15.0.
Users are recommended to upgrade to version 3.16.0, which fixes the issue. 3.16.0 It is recommended to upgrade to .All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1914 | CVE-2025-40745 | Siemens' Simcenter 3d Vulnerabilities related to certificate validation in multiple products, including |
CVSS V2: - CVSS V3: 3.7 Severity: Medium |
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Man-in-the-Middle They may carry out an attack.- Some of the information handled by the software may be leaked to external parties. - No rewriting will occur to the information handled by the software. - The software will not stop
| VAR-202604-2239 | CVE-2026-6024 | Shenzhen Tenda Technology Co.,Ltd. of i6 Path traversal vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-2498 | CVE-2026-6016 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The attack code is publicly available and could be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3433 | CVE-2026-6015 | Shenzhen Tenda Technology Co.,Ltd. of AC9 Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. An exploit is publicly available and can be exploited in the wild.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1660 | CVE-2026-35063 | OpenPLC Project of OpenPLC_v3 Lack of Authentication Vulnerability in Firmware |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access. role=admin You can create a new account to gain full administrator access.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1661 | CVE-2026-35556 | OpenPLC Project of OpenPLC_v3 Vulnerability regarding plaintext storage of authentication information in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software
| VAR-202604-1659 | CVE-2026-28205 | OpenPLC Project of OpenPLC_v3 Vulnerability in firmware where resources are initialized to insecure default values |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-2496 | CVE-2026-5962 | Shenzhen Tenda Technology Co.,Ltd. of ch22 Path traversal vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The exploit has already been exposed and is at risk of being misused.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-3227 | CVE-2026-5849 | Shenzhen Tenda Technology Co.,Ltd. of I12 Path traversal vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: Medium |
A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This exploit is public and could be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-2234 | CVE-2026-5844 | D-Link Corporation of DIR-882 Multiple vulnerabilities in firmware |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: High |
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-4084 | CVE-2026-5830 | Shenzhen Tenda Technology Co.,Ltd. of AC15 Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1896 | CVE-2025-52222 | D-Link Corporation of di-8003 Classic buffer overflow vulnerabilities in multiple products, including firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in the radius_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1751 | CVE-2025-52221 | Shenzhen Tenda Technology Co.,Ltd. of AC6 Multiple vulnerabilities in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1938 | CVE-2025-45059 | D-Link Corporation of di-8300 Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DoS ) may causeInformation handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1754 | CVE-2025-45058 | D-Link Corporation of di-8300 Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DoS ) may cause attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-1753 | CVE-2025-45057 | D-Link Corporation of di-8300 Classic buffer overflow vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. DoS ) attacks.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software
| VAR-202604-0223 | CVE-2025-65116 | JP1/IT Desktop Management 2, JP1/NETM/DM Multiple vulnerabilities in |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13. Please check vendor information for potential impact
| VAR-202604-0222 | CVE-2025-65115 | JP1/IT Desktop Management 2, JP1/NETM/DM Multiple vulnerabilities in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13. Please check vendor information for potential impact